Thesis Final Presentation
Today's Agenda

Overview
Understanding the Subject
Motivations & Challenges
Missions of the Thesis
Incidents from Real Life
Software Vulnerabilities
RATs (Remote Administration Tools)
Counterfeit Applications
Case Study: Counterfeit RAT Analysis
Software Application Licenses
Case Study: Software Protection Schemes
Demonstration of Tools
Conclusions
Questions?
Understanding the Subject

Reverse Engineering: Offensive Blackbox Software Security Assessment. Reverse engineering is the process of discovering the technological principles of an object or system through analysis of its structure or its operation.

Why Reverse Engineering? It is an empirical field of study that involves a lot of analysis and research. Why Offensive? If you know the strategies of your enemy, you can develop your own strategies to defeat him. Why Blackbox? We do not necessarily need to have the source code, nor will we always be provided with it.
Challenges

Lack of technical documentation
Lack of scientific works in the same field
Technically complex commercial systems
Entirely particular empirical challenges with a low success rate
Thesis Mission

Behavioral Analysis

How applications are loaded into memory and executed by the operating system. Knowing the operating system internals and the structure of a program is enough to analyze its behavior.

Extending Functionalities

It is possible to extend the functionalities of programs even though we do not have the application's source code. Reverse engineering is an excellent weapon for doing so.

Security Assessment

Not only spotting vulnerabilities or errors: defeating protection schemes is also possible, given a knowledge of the fundamentals of Assembly language.
Easy Chat Server is a handy application that allows users to chat without any additional software except a web browser.

On February 17th, CNN published an interesting article in which some opponents of the Syrian regime claimed that the government was using a Trojan to monitor and disrupt the protestors' network.
Counterfeit Applications

Counterfeit applications are used for:

Information gathering
Criminal justice & law enforcement
Industrial espionage
ID theft and financial fraud
Cyber wars (e.g. Duqu, Flame, Stuxnet)

The ProRat client offers a wide range of functionalities. Any computer on which its server.exe component has been placed can easily be managed with this tool.

Everything is recorded on the infected system; a socket is bound and left waiting for a connection.
Adding fake license-checking routines does not increase the complexity of the algorithm. Implementing a license-checking system without being familiar with reverse engineering simply produces a weak scheme.

The application is offered as a 90-day trial; once the application has been purchased, the firm provides a license key that removes the trial limitation.

Super EZ Wave Editor is a really successful, handy tool that provides lots of effects, plug-ins and audio editing functionalities.
Case Study: License Scheme Analysis and Jump-Pruning Attack Demonstration (cont'd)

Super EZ Wave Editor:

There is no exe compression tool or third-party tool used to protect the application itself.
There is no effective license verification or calculation algorithm, except for some fake calculations intended to deceive crackers. However, these are useless.

Super EZ Wave Editor explicitly calculates the license key for the application from the given name. It then compares whether the entered license key matches the original one placed in memory.
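The compute-and-compare pattern just described is contrasted here with a signature-based scheme. This is an added example, not code from the thesis or from Super EZ Wave Editor; the vendor secret, the "license-v1:" domain prefix and the licensee name are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// weakExpectedKey is the pattern the deck criticises: the client derives the
// "correct" key from the name, so the whole derivation ships in the binary.
func weakExpectedKey(name string) string {
	sum := sha256.Sum256([]byte("constructed-vendor-secret:" + name))
	return base64.RawStdEncoding.EncodeToString(sum[:8])
}

// weakVerify: one comparison against a locally computed key decides the outcome.
func weakVerify(name, typedKey string) bool { return typedKey == weakExpectedKey(name) }

// License binds a licensee name to an Ed25519 signature over that name.
type License struct {
	Name string
	Sig  string // base64 without padding
}

// Issue runs only on the vendor side; the private key never ships.
func Issue(priv ed25519.PrivateKey, name string) License {
	sig := ed25519.Sign(priv, []byte("license-v1:"+name))
	return License{Name: name, Sig: base64.RawStdEncoding.EncodeToString(sig)}
}

// Verify runs inside the product. It holds only the public key, so nothing in
// the binary allows a valid key to be computed for an arbitrary name.
func Verify(pub ed25519.PublicKey, lic License) bool {
	sig, err := base64.RawStdEncoding.DecodeString(lic.Sig)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte("license-v1:"+lic.Name), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	lic := Issue(priv, "Alice Example") // constructed licensee
	fmt.Println("signed license verifies:", Verify(pub, lic))
	lic.Name = "Mallory" // tampered name: signature no longer matches
	fmt.Println("tampered license verifies:", Verify(pub, lic))
}
```

The signature removes the key-forgery problem, but the result of Verify is still a single branch inside the client, which is why the conclusions below also stress protecting and packing the binary.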
Dongles are a very effective protection system, though they are less preferred.

Exemplary software delivered by DVD, Cambridge TOEFL Prep: the application requires the physical presence of the original DVD and applies a couple of verification techniques. In the case of a pirated DVD or the absence of the DVD, it gives an error such as this, without any further explanation.

Debugger view of the exemplary software delivered by DVD, Cambridge TOEFL Prep: the application is protected by SecuROM (https://www2.securom.com/), which checks whether the CD/DVD is inserted and authentic; otherwise it refuses execution.
Demonstration of Tools

A couple of different portable executable (PE) tools have been implemented in order to analyze and demonstrate the weaknesses of commercial applications; each tool generally solves one particular problem.
Conclusions

Developers should not rely solely on third-party application protectors.
Protecting and packing the application before distributing it will increase the security level.
Designing a license protection and verification scheme is a really hard job. Highly experienced reverse analysts must implement these protection schemes, using complex cryptography.
Endangering the license scheme not only causes financial loss but also damages the application's and the company's prestige.
Reverse engineering is a great tool when it is used properly.
There is no hundred percent secure system.

Questions?